Security Advisories (2)

CVE-2010-1168 (2010-06-21)

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."

CVE-2010-1447 (2010-05-19)

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.

Changes for version 2.13

  • Backport the bleadperl version to CPAN. Changes:
  • Change 33096 on 2008/01/28 by rgs@stcosmo
    • Bump the version of Safe
  • Change 33093 on 2008/01/28 by rgs@stcosmo
    • In Safe, load Carp::Heavy only if it exists (to remain compatible with older perls)
  • Change 32597 on 2007/12/08 by rgs@counterfly
    • Change maintainer address for Safe.
  • Change 32103 on 2007/10/12 by rgs@counterfly
    • Funny symbol table names can be shared, too
  • Change 32102 on 2007/10/12 by rgs@counterfly
    • Share the internal XS functions defined in universal.c to Safe compartments
  • Change 31610 on 2007/07/13 by rgs@stcosmo
    • Use new style L<> links in POD
  • Change 26814 on 2006/01/13 by rgs@stencil
    • Add a link to the Opcode doc in Safe. (see RT CPAN ticket #8579)

Modules

Compile and execute code in restricted compartments